OpenSSL released an emergency security update shortly after a patch was issued a few weeks ago. This security update addresses a critical Use After Free vulnerability introduced by the updated code that revised to resolve the earlier low severity vulnerability CVE-2016-6307. This critical Use After Free vulnerability (CVE-2016-6309) is caused by an error that occurs when relocating a message with an overlarge message size greater than 16k. Remote attackers may access the freed buffer to crash, or potentially even execute arbitrary code on vulnerable... [Read More]
by RSS Dehui Yin  |  Oct 12, 2016  |  Filed in: Security Research
This is our third week of the roundup, and things in the cyberthreat world continue to be interesting, including the return of several attacks we have seen for years. Here’s a quick summary of what happened this week. 1. It’s Still About Ransomware. While last week’s spike seems to have calmed down, we are still seeing an alarming amount of ransomware. This week our top 10 detections were all Javascript-based variants of Nemucod, with nearly 7 million attempts logged. It seems like attackers are producing a new Nemucod variant... [Read More]
by RSS Bill McGee  |  Sep 09, 2016  |  Filed in: Industry Trends
In 2009, Egypt slaughtered all 300,000 pigs in the country in response to the worldwide pandemic of so-called “swine flu”, or H1-N1. Some estimates put US pork industry losses at millions of dollars per week as major world markets stopped importing American pork. Yet while H1-N1 originally began in pigs, the pandemic was one of human-to-human transmission. Some pigs were infected by people, but most experts agreed that pork was safe to eat, despite popular concerns stemming from the disease’s nickname and early media coverage. The... [Read More]
by RSS Chris Dawson  |  May 13, 2015  |  Filed in: Industry Trends
The main issue with Hack.Lu this year was that there were too many interesting things in parallel: interesting talks, workshops, CTF... :) Talks 19 year old Filippo Valsorda talked about the setup of https://filippo.io/Heartbleed/ (heartbleed testing website) and his surprise at how many requests the website got. Several end-users also misunderstood the site and thought he would fix the issue, not just say if vulnerable. Attila Marosi presented his reverse engineering of some leaked Android FinSpy spyware. His tools to run a fake FinFisher server... [Read More]
by RSS Axelle Apvrille  |  Nov 10, 2014  |  Filed in: Security Research
[Read More]
by RSS Michael Perna  |  Aug 09, 2014  |  Filed in: Industry Trends
[Read More]
by RSS Michael Perna  |  Jun 14, 2014  |  Filed in: Industry Trends
[Read More]
by RSS Michael Perna  |  Jun 07, 2014  |  Filed in: Industry Trends
This month's Security Threat Landscape with Network World's Keith Shaw and Fortinet's Derek Manky covers everything from the FBI crack down on Blackshades to eBay. [Read More]
by RSS Michael Perna  |  Jun 02, 2014  |  Filed in: Industry Trends
[Read More]
by RSS Michael Perna  |  May 03, 2014  |  Filed in: Industry Trends
What's going on? Over the past weekend information became available about a previously-unknown vulnerability in all modern versions of Microsoft's Internet Explorer browser that allow an attacker to remotely execute code without the victim's permission. This can lead to compromise of your system and various malware to be installed. The exploit leverages a technique often used by attackers via Adobe Flash to bypass certain features of IE that are designed to prevent remote code execution (RCE). Why is this a big deal? This vulnerability (which... [Read More]
by RSS Richard Henderson  |  Apr 28, 2014  |  Filed in: Industry Trends